[BlueOnyx:04534] Re: PHP safe mode on BX
Michael Stauber
mstauber at blueonyx.it
Mon May 17 11:51:46 -05 2010
Hi Colin,
> We have recently had a developer query the fact that we have safe mode
> turned on on our BX servers:
>
> I've not seen Safe Mode turned on for a while, must admit it was quite
> surprising!
By default Safe Mode is enabled on a stock BlueOnyx install. But it can be
disabled individually on a per site basis if needed for those that need laxer
security.
And yes: We're aware that Safe Mode is deprecated and will be removed in
PHP-6. However, we're still using PHP-5.1.6 where it is supported. And
removing it entirely by adding it to the list of disabled functions (as one of
the articles you linked suggested) doesn't really help.
Safe Mode enabled - for now - still provides a tiny bit of extra security, so
we go with that. If enabled prevents (to a certain degree) that scripts owned
by user XYZ can access files owned by user ABC.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list